
HackSysExtremeVulnerableDriver
HackSys Extreme Vulnerable Driver is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at the kernel level.
HackSys Extreme Vulnerable Driver caters to a wide range of vulnerabilities, ranging from a simple Stack Buffer Overflow to complex Use After Free, Pool Buffer Overflow and Race Condition. This allows researchers to explore the exploitation techniques for every implemented vulnerability.
https://github.com/hacksysteam/HackSysE ... ableDriver
https://github.com/hacksysteam/HackSysE ... master.zip
Black Hat Arsenal 2016
Presentation
White Paper
Vulnerabilities Implemented
Blog Post
http://www.payatu.com/hacksys-extreme-v ... le-driver/
External Exploits
https://github.com/sam-b/HackSysDriverExploits
https://github.com/sizzop/HEVD-Exploits
https://github.com/badd1e/bug-free-adventure
https://github.com/FuzzySecurity/HackSy ... SKernelPwn
https://github.com/theevilbit/exploits/tree/master/HEVD
https://github.com/GradiusX/HEVD-Python-Solutions
http://pastebin.com/ALKdpDsF
https://github.com/Cn33liz/HSEVD-StackOverflow
https://github.com/Cn33liz/HSEVD-StackOverflowX64
https://github.com/Cn33liz/HSEVD-StackCookieBypass
https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite
https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
https://github.com/Cn33liz/HSEVD-StackOverflowGDI
https://github.com/Cn33liz/HSEVD-Arbitr ... writeLowIL
https://github.com/mgeeky/HEVD_Kernel_Exploit
https://github.com/tekwizz123/HEVD-Exploit-Solutions
https://github.com/FULLSHADE/Windows-Ke ... ation-HEVD
External Blog Posts
http://niiconsulting.com/checkmate/2016 ... loitation/
http://samdb.xyz/2016/01/16/intro_to_ke ... art_0.html
http://samdb.xyz/2016/01/17/intro_to_ke ... art_1.html
http://samdb.xyz/2016/01/18/intro_to_ke ... art_2.html
http://samdb.xyz/2017/06/22/intro_to_ke ... art_3.html
https://sizzop.github.io/2016/07/05/ker ... art-1.html
https://sizzop.github.io/2016/07/06/ker ... art-2.html
https://sizzop.github.io/2016/07/07/ker ... art-3.html
https://sizzop.github.io/2016/07/08/ker ... art-4.html
https://www.fuzzysecurity.com/tutorials/expDev/14.html
https://www.fuzzysecurity.com/tutorials/expDev/15.html
https://www.fuzzysecurity.com/tutorials/expDev/16.html
https://www.fuzzysecurity.com/tutorials/expDev/17.html
https://www.fuzzysecurity.com/tutorials/expDev/18.html
https://www.fuzzysecurity.com/tutorials/expDev/19.html
https://www.fuzzysecurity.com/tutorials/expDev/20.html
http://dokydoky.tistory.com/445
https://hshrzd.wordpress.com/2017/05/28 ... p-the-lab/
https://hshrzd.wordpress.com/2017/06/05 ... on-part-2/
https://hshrzd.wordpress.com/2017/06/22 ... ess-token/
https://osandamalith.com/2017/04/05/win ... -overflow/
https://osandamalith.com/2017/06/14/win ... overwrite/
https://osandamalith.com/2017/06/22/win ... reference/
http://dali-mrabet1.rhcloud.com/windows ... hallenges/
https://blahcat.github.io/2017/08/31/ar ... rnel-hevd/
https://klue.github.io/blog/2017/09/hevd_stack_gs/
https://glennmcgui.re/introduction-to-w ... tion-pt-1/
https://glennmcgui.re/introduction-to-w ... tion-pt-2/
Vulnerabilities Implemented
- Write NULL
- Double Fetch
- Buffer Overflow
  - Stack
  - Stack GS
  - NonPagedPool
  - NonPagedPoolNx
  - PagedPoolSession
- Use After Free
  - NonPagedPool
  - NonPagedPoolNx
- Type Confusion
- Integer Overflow
  - Arithmetic Overflow
- Memory Disclosure
  - NonPagedPool
  - NonPagedPoolNx
- Arbitrary Overwrite
- Null Pointer Dereference
- Uninitialized Memory
  - Stack
  - NonPagedPool
- Insecure Kernel Resource Access